Re: [Samba] how to set folder redirection on Windows 7 with a Samba PDC

On 25/08/2010 06:59 a.m., Daniel Müller wrote:
> In the first. I think for the case of xp and 2000 the netlogon script is
> Done with administrator rights. But with vista and 7 it is different.
> Some things will not work as they should.
> Ex: if you want to change registry settings(HKL_machine) you must be
> administrator.

Yes, sir sad but truth. Some registry values could not be writed if you
do not disable LUA. (That creepy Windows feature that ask for any change)
But if you enable remote registry service this headache was over

> This could be done by third party software (sanur,runas).
> After all kixstart is no replacement of ntconfig.pol.
> Greetings Daniel
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller@tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces@lists.samba.org [mailto:samba-bounces@lists.samba.org] Im
> Auftrag von Abe Lau
> Gesendet: Mittwoch, 25. August 2010 13:39
> An: German Molano
> Cc: samba@lists.samba.org
> Betreff: Re: [Samba] how to set folder redirection on Windows 7 with a Samba
> PDC
>
> On Tue, Aug 24, 2010 at 1:38 AM, German Molano<gmolano@ignios.net> wrote:
>
>> On 22/08/2010 01:44 a.m., Abe Lau wrote:
>>
>>
>>> On Sun, Aug 22, 2010 at 2:48 PM, German Molano
> <gmolano@ignios.net<mailto:
>>> gmolano@ignios.net>> wrote:
>>>
>>> On 21/08/2010 10:54 p.m., Abe Lau wrote:
>>>
>>> Hi,
>>> I have read that Windows 7 is using a new admx format and that
>>> it is not
>>> compatible with the old-school poledit. If I would like to
>>> stick with a
>>> Samba PDC, is there any elegant way to get Windows 7 client to
>>> obey the
>>> folder redirection(and possibly other rules) set using poledit&
>>> NTConfig.pol?
>>>
>>> Yes there is a way to do folder redirection with kixtart tools
>>> you can write directly to the Windows Registry modyfing the
>>> Workstation Settings.
>>>
>>> In your netlogon start up script call kix32 runtime with your own
>>> script with some values like these:
>>>
>>> $UserShellFolders =
>>>
>>>
> "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
>>> Shell Folders"
>>> WriteValue($UserShellFolders, "Personal", "H:\Documents", "REG_SZ")
>>> WriteValue($UserShellFolders, "AppData",
>>> "H:\.winsettings\appdata", "REG_SZ")
>>> WriteValue($UserShellFolders, "Desktop", "H:\WinDesktop", "REG_SZ")
>>> WriteValue($UserShellFolders, "My Music", "H:\Music", "REG_SZ")
>>> WriteValue($UserShellFolders, "My Pictures", "H:\Pictures", "REG_SZ")
>>> WriteValue($UserShellFolders, "My Video", "H:\Videos", "REG_SZ")
>>> WriteValue($UserShellFolders,
>>> "{374DE290-123F-4565-9164-39C4925E467B}", "H:\Downloads", "REG_SZ")
>>>
>>>
>>>
>>> I have been searching the mailing list, but there doesn't
>>> seems to be much
>>> detailed information on how to get Windows 7 to integrate
>>> nicely with a
>>> Samba PDC. Any insights?
>>>
>>> Thanks,
>>> Abe
>>>
>>>
>>> -- To unsubscribe from this list go to the following URL and read
>>> the
>>> instructions: https://lists.samba.org/mailman/options/samba>>>
>>>
>>> Thanks German Molano.
>>>
>>> That may seems to be a viable solution. By the way, the webpage doesn't
>>> mention Windows 7 being supported? Is the webpage just outdated?
>>>
>> Yes it is supported but some Registry values are protected and some values
>> differs from Windows 7/Vista to Windows XP/2000, but with kixstart you
> could
>> distinct between platforms and apply settings depend on it, it could be
> done
>> like this:
>>
>> $ntversion = READVALUE("HKLM\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\", "CurrentVersion")
>>
>> Select
>>
>> Case $ntversion = 6.1 ;Windows 7
>>
>> WriteValue(....
>>
>> Case $ntversion = 6.0 ;Windows Vista
>>
>> WriteValue(....
>>
>> Case $ntversion = 5.1 ;Windows XP
>>
>> WriteValue(....
>>
>> Case $ntversion = 5.0 ;Windows 2000
>>
>> WriteValue(....
>>
>>
>>
>>
>>> Not knowing much about kixtart, does it mean that I could replace
>>> everything in NTConfig.pol with a kixtart script? That would be an
> elegant
>>> solution before Samba4 is ready I suppose :-)
>>>
>>>
>> NTConfig.pol modifies resgistry settings at logon, so yes you could
> replace
>> it, but is little less "graphical" because you deal with a script not with
> a
>> GUI. Also you could deliver policies with a Domain Group basis with
>> conditionals like this:
>>
>> If InGroup( "MYDOMAIN\Accounting" )
>>
>> WriteValue(....
>>
>> EndIf
>>
>>
>>
>> Abe
>>
>>
> Thanks German.
>
> I tried to read into the manual of Kixtart, and it seems to me that the way
> to go with samba is to run kixtart via the netlogon logon script. This
> looks straight-forward and easy to implement.
>
> However, does it mean kixtart will run only with limited user privileges,
> and thus cannot modify anything that will need administrative privileges?
> If that is the case, I shouldn't be considering it a replacement of
> NTConfig.pol isn't it?
>
> Abe